Comment by iFreilicht
1 year ago
This makes me curious; have there ever been security exploits that utilized the font rendering as an actual attack vector? To me it feels like font rendering should be pure (in the functional sense) and thus have no side-effects, but of course that doesn't mean anything in practice.
Yes, pretty disastrously: https://kb.cert.org/vuls/id/354840/
As you have guessed, this used a rendering feature that was not pure.